Fractal ID reveals that a data breach in July 2024 traces back to a compromised password from a 2022 hack, impacting approximately 6,300 users.
Points
- Fractal ID’s data breach affected about 6,300 users, traced back to a 2022 password hack.
- The breach involved compromised admin credentials and led to data exfiltration.
- Fractal ID has implemented stricter security measures to prevent future incidents.
Blockchain identity platform Fractal ID has published a postmortem outlining the data breach that the company suffered on July 14. The breach has since been traced back to a 2022 incident where an employee reused a compromised password.
According to Fractal ID, the compromised account belonged to an operator with the platform for three years and had admin rights. This allowed the attacker to bypass internal data privacy systems, though system monitoring helped lock out the attacker within 29 minutes.
Root Cause of the Breach
The operator’s failure to follow operational security policies and training, along with the reuse of credentials from past hacks, facilitated the breach. On July 14, 2024, the crypto identity verification provider detected unusual activity in one of its back offices. This activity was quickly identified as a malicious attack, leading to data exfiltration for approximately 0.5% of its user base.
However, Fractal ID noted in the postmortem report that it disabled all accounts in the compromised system in response and limited access to senior
employees. The company also prioritized enhancing its security measures to prevent future incidents, such as implementing request throttling, finer-grained authorization, tighter monitoring of failed authentication attempts, and stricter IP control.
In addition to internal efforts, Fractal ID contacted the pertinent data protection authorities and the cybercrime police division in Berlin. The company has also engaged with cybersecurity services to monitor for any potential distribution of stolen data on known data breach sites.
Data Breach Impact
According to the report, the stolen data, which affected around 6,300 users, includes various levels of information, from proof-of-personhood checks to complete KYC checks. This data may include names, email addresses, phone numbers, wallet addresses, physical addresses, and images of uploaded documents. Fractal ID also contacted affected users directly to inform them of the breach.
Fractal ID co-founders Julian, Julio, Lluis, and Anna expressed regret over the incident and emphasized their commitment to protecting user data. They reiterated the company’s goal of moving toward a self-custody storage system to enhance data security.
This security lapse serves as a stark reminder of the difficulties in safeguarding data. Autix10, a crypto ID provider, revealed on June 27 that their online administrative login details were exposed. However, in this instance, the attacker seemingly did not gain access to any customer data.
Initial Hack Dates Back to 2022
The employee’s machine was originally compromised all the way back in September 2022, according to researchers at cybercrime intelligence firm Hudson Rock. The machine was infected by the Raccoon ‘infostealer,’ a commonly available Malware-as-a-Service first observed in April 2019.
“While the computer was infected back in 2022, it appears the victim did not change their password, enabling the hackers to infiltrate an account and initiate the hack,” the researchers wrote.
“The operator didn’t follow our opsec policies and training. We have put technical measures in place to ensure these cannot be sidestepped by any operators in the future. This was not the result of a software vulnerability,” Fractal ID noted in its postmortem.
The U.S. Justice Department indicted a 26-year-old Ukrainian national, Mark Sokolovsky, in 2022 for conspiring to operate Raccoon Infostealer, which was allegedly leased to would-be hackers for as little as $200 a month in cryptocurrency. The FBI was able to identify “more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world,” though the agency acknowledged that number is likely an undercount.
After failing to fake his death following the Russian invasion of Ukraine, Sokolovsky was extradited to the United States this past February. The U.S. government also set up a website where users can check if their credentials have been compromised.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
解説
- Security Policies: The breach underscores the importance of robust security policies and regular training. Ensuring employees follow security protocols can prevent similar incidents.
- Data Exfiltration: The impact of data breaches can be significant, affecting thousands of users. Companies must be proactive in enhancing security measures and responding promptly to breaches.
- Legal and Regulatory Actions: The involvement of law enforcement and regulatory bodies highlights the seriousness of data breaches. Companies must comply with legal requirements and work with authorities to address security incidents.
Warning: Undefined variable $post in /home/xs575539/coinchain.jp/public_html/wp-content/themes/newses/inc/ansar/hooks/hook-single-page.php on line 180